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Microsoft Update: New Critical Patch to Protect 
Against Download.Ject Vulnerability 


ADVISORY OVERVIEW 


July 02, 2004 - Qualys™ Vulnerability R&D Lab has released new 
vulnerability signatures in the QualysGuard® Service to protect 
organizations against the new Microsoft® vulnerability that was 
announced earlier today. Customers can immediately audit their 
networks for this and other new vulnerabilities by accessing their 
QualysGuard subscription. 


VULNERABILITY DETAILS 


Microsoft released a critical patch today which forces configuration 
changes in Windows XP, Windows 2000, and Windows Server 2003, to 
address recent malicious attacks against Internet Explorer know as 
Download.Ject. This vulnerability gained public attention last week when 
it was exploited to facilitate the spread of the Scob Trojan through 
numerous popular websites. 


This patch is the first in a series of Internet Explorer security updates 
that Microsoft plans for the next several months. More information can 
be found on Microsoft's website: 


http: //www.microsoft.com/presspass/press/2004/jul04/07- 
O2configchange.asp 


HOW TO PROTECT YOUR NETWORK 


Audits for the new Microsoft Critical Security vulnerability are already 
available in the QualysGuard vulnerability management platform. A 
default scan using authentication will detect these issues and is the 
recommended detection method. In addition QualysGuard users can 
perform a selective scan for these specific vulnerabilities using the 
following checks: 


e "Microsoft Internet Explorer Critical Patch KB870669 
Missing" 
o Qualys ID: 90131 
o Windows login required 
o Additionally, enable the "Windows Host Name" signature with 


Qualys ID 82044 if you want to report on vulnerable hosts by 
Windows (NetBIOS) machine name. 


TECHNICAL SUPPORT 


For more information, customers may contact Qualys Technical Support 


directly at support@qualys.com or by telephone toll free at: 
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102 


ABOUT QUALYSGUARD 


QualysGuard is an on-demand security audit service delivered over the 
web that enables organizations to effectively manage their vulnerabilities 
and maintain control over their network security with centralized reports, 
verified remedies, and full remediation workflow capabilities with trouble 
tickets. QualysGuard provides comprehensive reports on vulnerabilities 
including severity levels, time to fix estimates and impact on business, 
plus trend analysis on security issues. By continuously and proactively 
monitoring all network access points, QualysGuard dramatically reduces 
security managers’ time researching, scanning and fixing network 
exposures and enables companies to eliminate network vulnerabilities 
before they can be exploited. 


Access for QualysGuard customers: https://qualysquard.qualys.com 


Free trial of QualysGuard service: 
http ://www.qualys.com/forms/trials/qualysquard trial 
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